Month: May 2009

I was away from home for a week and returned back yesterday evening. As I had a weeks emails pending, the first thing I did after reaching home was to access gmail. To my horror, google was telling me that I am providing a wrong password. Then, I tried to log in to my blog. I found out that my blog has been defaced. I was getting the following screens, Some Arabic bymn was played in the background.

This page will give you some more information on how a hacked page look like. I contacted my web hosting provider and got the password for the site reset and the site was back with in my control.

However gmail id was my lifeline and I had to recover it at any cost. I tried to recover my password from the gmail login page as below.

The next page had these options.

I selected my account has been compromised which gave me the following link.

The account recovery page is here. Have a look at it. Your scucess in retrieving the account lies in accurate answers in this page. I filled out the following sections.

Fortunately, I remembered who invited me to gmail.( I had a gmail account at a time when gmail invites were sold on ebay). Also, I use filters and labels heavily for handling mail. There was some fuzziness with dates , still I could approximate it. I have a couple of blogs linked to the account and an orkut profile. I knew only the url of my blog on blogspot. I was very skeptical whether I will get it back. I submitted and waited any response form google. About an hour later I recievd the following mail from google.

I reset the password and retrived my account. The attaker had tried to capture some of my other on line assets from the gmail id. Some of the automated responses had his IP address logged( or it might be a proxy). I traced the attacking IP to Saudi Arabia.

Why I lost my account ?

There may be several reasons. Here are some of my assumptions .

a) I had a weak password. ( 6 letters and that too based on a dictionary word)

b) I had enabled POP3 access for my gmail account, even though I was not using it. There are plenty of scripts like this available on the Internet for brute force attack on gmail accounts via POP3.

c) I had used my account from a friends place last week on a windows XP machine. May be that machine has a key logger installed and the attacker might have obtained the password via IRC from there. I cheeked my home machines for any possible root kits, but I could not find any. My windows machines do not have internet access.

d) Some one might have stolen the password from one of the machines that I use at college. ( As we are having vacation now , I can safely rule out this possibility)

What information one must keep about google accounts.

1) If some one invited to a gmail account , keep the email. It can save you a lot of trouble. It will give you some idea about the date of creation of your account.

2) If you use labeling and filters , remember the labels. You can give easy to remember names and context relevant labels to your mail.

3) Even if you are not blogging , create a blog on blogspot . The URL of the blog can be an important information.

4) Email addresses are not by hearted as phone numbers. So export the your gmail contact list to a file and keep it. The account recovery page asks for up to five frequently contacted email ids. ( Click on contacts on the left side of any gmail page and select export to save the contacts.)

5) Set up a secondary email id and give it a different password. ( You can use Settings->Accounts->google account settings-change security question for this.)

6) Set up a security question. It can save you a lot of trouble.

7) If you use orkut, keep the URL of your orkut profile.

You can obtain it from your orkut home page as shown in the figure below.

9) Disable POP3 and IMAP if you are not using them.

10 Use a Strong password. This is the most important step. In the change password page, make sure that your password is strong as shown in the picture below.

The notification system in the newly released ubuntu 9.04 ( Jaunty) uses the notify-osd framework. This system provides a standard way of doing passive pop up notification on the desktop.The notifications are semi transparent click through bubbles. These pop ups will disappear after a short period of time. Some times these bubbles can be irritating.

Installing LTSP and enabling thin clients to boot from your ubuntu 9.04 machine is very easy.

I did the following steps.

a) Install ubuntu 9.04 ( aka Jaunty) desktop with a static IP. ( A static IP is needed as your ubuntu box is going to act as a server. My IP is 192.168.0.1). Set up Internet access on this machine. You need to download a lot of packages from the net to complete the installation.

This command will download all the necessary packages from Internet and build your environment.

Have a look at /opt/ltsp/i386. This directory will now contain the chroot environment for the thin clients. If you want to tweak any settings you cna do it here.

d) Edit the /etc/ltsp/dhcpd.conf to suit your network setting. This file will serve the ip range 192.168.0.20 192.168.0.250 by default. If your network uses this range you can leave it as it is. (The default file worked for me as my server IP is 192.168.0.1)

e) Run the following commands.
#ltsp-update-sshkeys

#ltsp-update-image

The first command above will export the ssh keys of the server to the ltsp client environment. The ltsp-update-image command will rebuild a squashfs image from the ltsp chroot environment and place it under /opt/ltsp/images directory. This image will be exported to the thin client as root file system by the NBD daemon on the server.

Your LTSP server is ready. Try booting form a client via pxe or etherboot. You can also try to boot the thin client in qemulator.
There is a sample script for this in /usr/share/doc/ltsp-server/examples/ named qemu-ltsp.

Note: If you change any thing under /opt/ltsp/i386 , you must rebuild the image for the change to be reflected on the client. Also, if you change the IP address of the server you must do an ltsp-update-sshkeys followed by ltsp-update-image.

Today I was playing with ubuntu 9.04 . I tried to install wwwoffle the off-line proxy server. At the end of installation it failed with a ” Sub process /usr/bin/dpkg failed ” message. There was some thing wrong. Fixing the system required removal of the package. I tried the following in succession in vain.

# apt-get remove wwwoffle

#dpkg -P wwwoffle

#dpkg –force-all -r wwwoffle

I was stuck. I did a manual removal of the deb package like this.

a) List out all the file of the deb package.

# dpkg -L wwwoffle

b) Removed all the files from the above list by hand. If you are smart enough you can write a script for that.

Most of the home brewers and electronics hobbyist see fabricating a PCB as a roadblock . I will describe an alternate approach to circuit construction where you need only bare copper clad sheet. This method is some times called Manhattan method.( I don’t know the reason.)

The basic ingredients you need for this type of construction is bare copper clad sheet. Either glass epoxy or paper phenolic boards can be used. As the first step take a small pieces of copper clad sheet and chip it into small pads. There is no minimum size or maximum size . Use a sharp tool like a chisel for cutting the board. Some sample pieces that I made is shown in the figure below. If you have access to a sheet metal cutting tool, it is very easy to make them. I keep a small box of such PCB chips.

Collect all the components that you need for construction. Study the circuit you are planning to build and make a rough layout of component placement on paper. Pay special attention to the size and shape of the components you are planning to use. If possible, make the circuit layout section by section . This will make debugging easier. The circuit will be fabricated on a a plain copper clad sheet .The copper clad sheet will be the ground of your circuit Keep this in mind when you make the sketch. Here is the circuit and a rough sketch I made for constructing bitx20. ( This is RF preamplifier stage of bitx20).

Make a pad layout next from the above layout.

The size of the copper clad sheet needed can be roughly estimated if you have some idea about the components. Cut a sufficiently large piece of copper clad and then clean it properly. Affix the pads using super glue. Any other adhesive used in electronic repair can be used.

Now start soldering . Make sure that the pads are clean. I use a sharp knife to clean the pads. Start with the resistors. Keep the leads small.. Next , solder the capacitors followed by other low foot print components.

Finally, fix the transistors. You circuit is ready for testing .

There are several advantages to this type of construction. The plain copper clad sheet will act as a ground plane and will improve the performance of RF circuits. Also, If you want to replace a faulty component it is very easy.